4 things to do if your email account is hacked


Learn what to do if your email account has been hacked so you can stop scammers from targeting your contact list with money scams, malware, and more.

Scammers often hack email accounts to send fake and deceiving messages from a trusted email account with the hope that the recipients will take an action. You will never know that your email account is hacked – until someone tells you that you’ve been sending them strange emails.

The ultimate goal of hacking your email account could be to get these email contacts to send money, turn over personal information, or click a link that installs malware, spyware, or a virus on the victim’s device.

One example: In January 2021, Delhi Police filed the FIR inscribe phishing case. Cybercriminals had allegedly impersonated officials from Harvard University imploying job offers. Personal information was then shared to obtain a “work visa”.1

This could happen to you and the colleagues, friends, and family members in your email contacts list. Once a hacker has access to your account, he/she can do a lot with your email account. They can send emails from your address, access your online accounts, access personal information, steal financial information, blackmail you, steal your identity and do a lot more.

Getting your account hacked is no less than a nightmare. If you are wondering what to do if your email is hacked, here is what you need to do to stop the scammers quickly.

How to know your email has been hacked

You may get an urgent message from a friend or family member who received a suspicious email from you. They may ask if you sent the email. Or they may simply send these panic-inducing words: “You’ve been hacked.”

But you may be able to spot signs of trouble before you are warned  by your  friend or family. Here are the three signs that your email account has likely been hacked.

  • You can’t log into your email account. When you try to log in, you may get a message that your username or password is incorrect. This could mean the hacker changed your credentials to lock you out of your own account.
  • Your sent-messages folder looks odd. Your sent messages folder may hold scam messages you didn’t write. Or, the folder may be sitting empty when you never deleted your sent messages.
  • Strange messages appear on your social media accounts. If your latest Instagram post or tweet is touting some product you’ve never used, a hacker may have gained access to both your email and social media accounts. Your email account can act as a gateway into other accounts. The hacker can simply click “forgot password” at login and have a password reset link sent right to your email inbox, which they now control.

Your email also may contain a wealth of information about your bank account, credit cards, and other financial accounts. A hacked email can put you and your email contacts at risk for identity theft and bank account or credit card fraud. If you think your email has been hacked, take quick action to minimize the damage.

4 things to do if your email is hacked

Wondering what to do if the email is hacked? Here are four steps you can take right now to regain control of your account, banish the hacker, and help protect yourself in the future.

1. Change your credentials.

The first step: Take back control of your account. If the hacker has locked you out, you may have to contact your email service provider for help. You will probably have to provide an array of information to prove your identity and regain control of your email. 

If you do still have access to your account, make these changes right away:

  • Get a new username and password. Choose a strong password. Secure passwords or passphrases should contain at least 12 characters, including numbers, symbols and a mix of capital and lowercase letters. Use a unique password for every account. Password managers offer an easy and secure way to create complex passwords and to keep track of your login credentials.
  • Change your security questions. The hacker may have gotten access to your account by guessing the answers to security questions. They could hack your account again if you don’t change these questions and answers. Avoid choosing questions with answers that can easily be guessed or found online. For example, don’t choose “What’s your mother’s middle name?” if your mom routinely uses her first, middle, and last name on social media. You can secure an email account by choosing questions/answers that are difficult to guess or imagine.
  • Turn on two-step verification. Also known as multifactor authentication, this extra security measure typically requires you to enter your username and password OTP (One-Time-Password) to get into an account. For example, the service provider may send the OTP to your phone each time you try to log in. Without your phone in hand, a hacker will be much less likely to gain entry into an account that has two-step verification turned on.

2. Warn your contacts.

Tell the colleagues, friends, and family in your email contact list that your email has been hacked. Warn them to delete any suspicious messages that come from your account. Also tell them not to open applications, click on links, share credit card information, or send money. It can be embarrassing to let your contacts know you’ve been hacked, but the warning may save them from falling for a scam.

3. Look for signs of trouble.

Hackers may make changes to allow them to get into your account again or even to continue to scam people after you’ve taken back control of the account. To prevent this, you should take these steps:

  • Check your settings. Hackers who gain access to an email account may change settings to further compromise your security. Check your email signature to make sure it doesn’t contain any unfamiliar links.  Check if your emails are being auto-forwarded to someone else. And get tips from your email service provider on any other ways to secure your email account.
  • Scan for trouble. Look for signs of a computer virus on your computer, phone or tablet. These signs may include strange pop-up windows, slowness, problems shutting down or restarting, and unfamiliar applications on your device.

4. Protect yourself for the future.

Finally, you can put a few simple measures in place to make it less likely that your email account gets hacked again. Here’s what to do:

  • Get up to date, frequently. Make sure you are running the latest versions of your apps, browser, operating system, and software. The newest versions often contain patches to fix security flaws hackers can exploit. You may also want to delete any apps you don’t use or that aren’t being updated regularly by their developers.
  • Add security software. Get security software from a reputable company and install it on all of your devices. If you already have security software, make sure you’ve got the latest version and run it to check for malware, spyware, and viruses.

Now that you know what to do if your email account is hacked, you can put a plan of action in place in case you ever do get the dreaded “you’ve been hacked” message from a friend or family members. That will allow you to regain your account and your peace of mind more quickly.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.